VNC?
I've just tried searching but I can't see a mention of it.
I seem to recall years ago reading of an issue with a certain VNC implementation where the client basically dictated whether it was authenticated or not. I think the logic was, client sends password to server, server responds with an authenticated bool, client sets local variable to authenticated bool.
You could hijack the server response, set it to true and then you'd be connected!
Can anyone remember this?
Biting the hand that feeds IT
